National Credit Reporting Association, Inc.
Proposed Consent Agreement In the Matter of ACRAnet, Inc., a corporation, File No.0923088
March 7, 2011 Hon. Donald S. Clark Federal Trade Commission Office of the Secretary 600 Pennsylvania Avenue, NW Washington, DC 20580 Via Electronic Filing Re: In the Matter of SettlementOne Credit Corporation, et al., File No. 082 3208 In the Matter of ACRAnet, Inc., File No. 092 3088 In the Matter of Fajilan and Associates, et al. File No. 092 3089 Dear Mr. Clark: The National Credit Reporting Association, Inc. (NCRA) appreciates the opportunity to comment on the Federal Trade Commission's (FTC) proposed settlements in the three above-referenced matters. Background on NCRA NCRA is a non-profit trade association, founded in 1992, representing the consumer reporting industry, especially credit reporting companies that provide products and services to the housing industry with the hybrid, multi-data source reports for mortgage lending and tenant screening. NCRA represents approximately 80% of the credit reporting agencies in the United States that produce the specialized mortgage credit reports as required by the Department of Housing and Urban Development, Fannie Mae, and Freddie Mac for mortgage loan underwriting. The respondents in these actions are all "resellers" of consumer reports within the meaning of the Fair Credit Reporting Act (FCRA). Respondents ACRAnet and SettlementOne are members of NCRA. As resellers of consumer reports, NCRA members obtain reports from the three nationwide consumer reporting agencies and create combined, or trimerge, reports. The trimerge reports are sold to mortgage brokers, mortgage lenders and other end-users in the mortgage industry for use in connection with consumers' mortgage loan applications. NCRA members take very seriously their obligation to safeguard consumer information, and agree with the FTC's statements about risks associated with identity theft. For that reason, our members devote significant resources and effort, including investment in sophisticated technology systems, to protect consumer data within their control. NCRA's comments exceed the space limitation for this format so please see attached document for our complete comment on this matter. The FTC can best promote the important objective of protecting consumer information by focusing on entities that are best able to provide this protection. The Commission should hold resellers responsible for consumer information and access to that information within their control, but the Commission should also hold end users responsible for their own data security. In this case, the FTC ignores end-users altogether and instead would require resellers to assume responsibility for third parties internal data security measures. Not only will this impose an unfair and unworkable burden on resellers, it would also create a system that leaves consumers more vulnerable than they would be if the FTC required each entity to take responsibility for its own data security systems. The position of the FTC may actually discourage end users from taking security steps to protect their consumers information and attempts to place this responsibility on the reseller (which in many cases is a much smaller company than the end user) who have no real ability to protect the consumers information once it reaches the end users computer systems. Thank you again for the opportunity to comment on these matters and please refer to the attached document for NCRA's full comment. Sincerely, Terry W. Clemans Executive Director National Credit Reporting Association, Inc.